gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-04 05:28:59 +01:00
Code Issues Actions 17 Packages Projects Releases Wiki Activity

Merge pull request #3080 from DynamoFox/rate-limit-etapi-login-route

Browse Source 
Rate limit the /auth/login route of ETAPI
This commit is contained in:
zadam 2022-08-22 19:37:59 +02:00 committed by GitHub
commit 934b1ad8c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/etapi/auth.js
View File

@ -3,8 +3,8 @@ const eu = require("./etapi_utils");
const passwordEncryptionService = require("../services/password_encryption");
const etapiTokenService = require("../services/etapi_tokens");
function register(router) {
eu.NOT_AUTHENTICATED_ROUTE(router, 'post', '/etapi/auth/login', (req, res, next) => {
function register(router, loginMiddleware) {
eu.NOT_AUTHENTICATED_ROUTE(router, 'post', '/etapi/auth/login', loginMiddleware, (req, res, next) => {
const {password, tokenName} = req.body;
if (!passwordEncryptionService.verifyPassword(password)) {

2
src/etapi/etapi.openapi.yaml
View File

@ -602,6 +602,8 @@ paths:
authToken:
type: string
example: Bc4bFn0Ffiok_4NpbVCDnFz7B2WU+pdhW8B5Ne3DiR5wXrEyqdjgRIsk=
'429':
description: Client IP has been blacklisted because too many requests (possibly failed authentications) were made within a short time frame, try again later
default:
description: unexpected error
content:

4
src/etapi/etapi_utils.js
View File

@ -66,8 +66,8 @@ function route(router, method, path, routeHandler) {
router[method](path, checkEtapiAuth, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
}
function NOT_AUTHENTICATED_ROUTE(router, method, path, routeHandler) {
router[method](path, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
function NOT_AUTHENTICATED_ROUTE(router, method, path, middleware, routeHandler) {
router[method](path, ...middleware, (req, res, next) => processRequest(req, res, routeHandler, next, method, path));
}
function getAndCheckNote(noteId) {

2
src/routes/routes.js
View File

@ -416,7 +416,7 @@ function register(app) {
shareRoutes.register(router);
etapiAuthRoutes.register(router);
etapiAuthRoutes.register(router, [loginRateLimiter]);
etapiAppInfoRoutes.register(router);
etapiAttributeRoutes.register(router);
etapiBranchRoutes.register(router);